diff options
author | Benjamin Franzke <benjaminfranzke@googlemail.com> | 2013-01-26 10:44:24 +0100 |
---|---|---|
committer | Benjamin Franzke <benjaminfranzke@googlemail.com> | 2013-01-26 10:51:52 +0100 |
commit | f670f9aaa9e333b8d66309729bce7a8ff94f3960 (patch) | |
tree | 98497429322e36cd66a32815f0a946a7d021761b | |
parent | e0074fe42cd13abba6afeebf1236c7a4d2774839 (diff) | |
download | sqltutor-plugin-f670f9aaa9e333b8d66309729bce7a8ff94f3960.tar.gz sqltutor-plugin-f670f9aaa9e333b8d66309729bce7a8ff94f3960.tar.bz2 sqltutor-plugin-f670f9aaa9e333b8d66309729bce7a8ff94f3960.zip |
Put queries into a transaction and rollback after user query
So that users cannot change the database.
This has the disadvantage, that we cant have tests
where user has to insert stuff.
-rw-r--r-- | sqlbox/view.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sqlbox/view.php b/sqlbox/view.php index 47a9de4..f215d7d 100644 --- a/sqlbox/view.php +++ b/sqlbox/view.php @@ -99,12 +99,18 @@ if (isset($data->sqlbox_query)) { print_error('dbconnectionfailed', 'sqlbox'); $table = db_table_from_query($db, $data->sqlbox_query); + $result = @pg_query($db, "BEGIN TRANSACTION;"); + if (!$result) + print_error('dmltransactionexception'); if (strlen($sqlbox->query) > 0) { $table_orig = db_table_from_query($db, $sqlbox->query); if ($table->data != $table_orig->data || $table->head != $table_orig->head) $correct = false; } + $result = @pg_query($db, "ROLLBACK TRANSACTION;"); + if (!$result) + print_error('dmltransactionexception'); pg_close($db); echo html_writer::table($table); |